Back to skill

Security audit

Metabase

Security checks across malware telemetry and agentic risk

Overview

This Metabase skill is a disclosed OOMOL connector wrapper for reading and searching Metabase content, with no artifact-backed evidence of hidden or destructive behavior.

Install this only if you are comfortable letting the agent use your connected OOMOL Metabase account to read dashboards, cards, collections, databases, and search results visible to that account. Review any future version carefully if it adds write or destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest and description position the skill as limited to searching and reading data, but the body of the skill explicitly allows arbitrary Metabase actions and discusses write/destructive operations. This mismatch can cause downstream agents or users to grant trust or invoke the skill under a read-only assumption, increasing the chance of unintended state-changing operations if the connector later exposes mutating actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text says to use this skill for ANY Metabase request and instead of calling the API directly, which is overly broad and may cause the skill to be invoked for tasks beyond simple read/search use. In context, that matters more because the skill's documentation suggests arbitrary connector actions may be run, so broad invocation increases the blast radius of the description mismatch.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.